Db2 Basics: Investigating Permissions in an Existing Database

Edit: 01/23/2018 – corrected one word not in an SQL statement.

I have written several other articles on security and permissions, but I thought I would write one from a purely practical perspective. If you don’t understand the basics of how DB2 handles users, authentication, authorization, and privileges, please read Db2 Basics: Users, Authentication, and Authorization.… Read the rest

Continue reading »

DB2 Basics: Patching DB2

Like any software, DB2 requires frequent patching. A database should be one of the most secure parts of any enterprise, and keeping it secure means keeping up with the fixes that are delivered in fix packs.

Fix Packs

DB2 delivers many things through fixpacks, including:

  • Security Fixes
  • Bug Fixes
  • New Functionality – though IBM goes back and forth on this

IBM delivered Native Encryption in Fix Pack 5 of DB2 10.5.… Read the rest

Continue reading »

DB2 Backups When Using Native Encryption

I’ve recently implemented native encryption for a small database on a server that is somewhat oversized on CPU and memory. One of the things I noticed after encrypting my database was both increased backup duration and increased backup size.

Backup Size

On this particular system, I take compressed DB2 backups to disk, which is later externalized.… Read the rest

Continue reading »

LBAC – Label Based Access Control

To go with my recent article on RCAC/FGAC, I thought I would do some similar work using LBAC and see what I could learn about it and the differences between the two.

What is LBAC

Label Based Access Control essentially adds a column to a table that labels each row (think confidential, secret, top secret), and then grants uses of those labels to users to allow them to access the data.… Read the rest

Continue reading »